Django.wtf
Falldog/pyconcrete

Protect your python script, encrypt it as .pye and decrypt when import it

obfuscate
obfuscation
protection
python
python-encryption
python-library

pyconcrete

Travis AppVeyor PyPI Version PyPI PyVersion PyPI License

Protect your python script, encrypt .pyc to .pye and decrypt when import it

Protect python script work flow

  • Build the execution pyconcrete and read the MAIN.pye which encrypted by your passphrase.
  • pyconcrete will decrypt the source file and then launch python interpreter to do the normal python behavior.
  • pyconcrete will hook import module
  • when your script do import MODULE, pyconcrete import hook will try to find MODULE.pye first and then decrypt MODULE.pye via _pyconcrete.pyd and execute decrypted data (as .pyc content)
  • encrypt & decrypt secret key record in _pyconcrete.pyd (like DLL or SO) the secret key would be hide in binary code, can't see it directly in HEX view

Encryption

  • only support AES 128 bit now
  • encrypt & decrypt by library OpenAES

Compatibility

Pyconcrete has transitioned to using meson-python as its build backend starting from version 1.0.0. This provides a more powerful build mechanism and supports newer Python versions.

For older Python support: * Pyconcrete versions prior to 0.15.2 only support up to Python 3.10. * If you need support for Python 3.6 or Python 2.7, please use versions before 0.15.2. * Pyconcrete no longer supports Python versions earlier than 3.6.

Requirements

For unix base * apt: pkg-config, build-essential, python{version}-dev * pip: 23.1+

Installation

Due to security considerations, you must provide a passphrase to create a secret key for encrypting Python scripts: * The same passphrase will generate the same secret key. * Pre-built packages are not provided, so users must build the package yourself.

Build Process * Pyconcrete relies on Meson to compile the C extension. * The installation process will add a pyconcrete.pth file to your site-packages, enabling sitecustomize.py to automatically import Pyconcrete.

pip

  • Need to config the passphrase for installation. And only pip 23.1+ support passing argument via -C or --config-settings.
  • Remember to assign --no-cache-dir to avoid use pip's cached package which already built by old passphrase.
$ pip install pyconcrete \
  --no-cache-dir \
  --config-settings=setup-args="-Dpassphrase=<Your_Passphrase>"
  • Available arguments. Setup by --config-settings=setup-args="-D<argurment_name>=<value>"
  • passphrase: (Mandatory) To generate secret key for encryption.
  • ext: Able to assign customized encrypted file extension. Which default is .pye.

Usage

Full encrypted

  • convert all of your .py to *.pye
$ pyecli compile --pye -s=<your py script>
$ pyecli compile --pye -s=<your py module dir>
$ pyecli compile --pye -s=<your py module dir> -e=<your file extension>
  • remove *.py *.pyc or copy *.pye to other folder
  • main.py encrypted as main.pye, it can't be executed by normal python. You must use pyconcrete to process the main.pye script. pyconcrete(exe) will be installed in your system path (ex: /usr/local/bin)
pyconcrete main.pye
src/*.pye  # your libs

Partial encrypted (pyconcrete as lib) -> (DEPRECATED and not Safe)

  • import pyconcrete in your main script
  • project layout
main.py       # import pyconcrete and your lib
pyconcrete/*  # put pyconcrete lib in project root, keep it as original files
src/*.pye     # your libs

Test

  • test in local
$ pytest tests
  • test in docker environment
$ make test
  • test in docker environment for specific python version
$ make test 3.10

Example

Django with pyconcrete

Reference

https://matthew-brett.github.io/pydagogue/python_msvc.html https://github.com/cython/cython/wiki/CythonExtensionsOnWindows

Announcement

pyconcrete is an experimental project, there is always a way to decrypt .pye files, but pyconcrete just make it harder.

Stars
715
0.56% more than last month
Forks
154
Open Issues
6